Sierra Wireless Firmware Release Addresses Vulnerability

Sierra Wireless have issued a special firmware release to address a vulnerability issue that has been found, affecting devices which use the GNU C library (glibc).

The vulnerability, named CVE-2015-0235 or “Ghost”, describes a vulnerability that may allow an attacker to execute unauthorised operations on devices running with an afftected version of the GNU C library.

Products containing the vulnerable code are the LS300, GX400, GX440, GX450, ES440 and ES450. While these devices contain the vulnerable code they are unlikely to be exploited by an attacker. As a precaution Sierra Wireless is releasing an updated version of ALEOS 4.4.0 and 4.4.0B that eliminates the vulnerable code. (The Raven, PinPoint and MP Series are all unaffected.)